VYPR
Vendor

QNAP Systems Inc.

Products
5
CVEs
16
Across products
16
Status
Private

Products

5

Recent CVEs

16
  • CVE-2024-50387Dec 6, 2024
    risk 0.02cvss epss 0.10

    A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and…

  • CVE-2025-11837Jan 2, 2026
    risk 0.00cvss epss 0.01

    An improper control of generation of code vulnerability has been reported to affect Malware Remover. The remote attackers can then exploit the vulnerability to bypass protection mechanism. We have already fixed the vulnerability in the following version: Malware Remover…

  • CVE-2025-62857Jan 2, 2026
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following version: QuMagie 2.8.1 and…

  • CVE-2025-52425Nov 7, 2025
    risk 0.00cvss epss 0.00

    An SQL injection vulnerability has been reported to affect QuMagie. A remote attacker can exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QuMagie 2.7.0 and later

  • CVE-2025-58464Nov 7, 2025
    risk 0.00cvss epss 0.00

    A relative path traversal vulnerability has been reported to affect QuMagie. If a remote attacker, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following version: QuMagie 2.7.3…

  • CVE-2025-54154Oct 3, 2025
    risk 0.00cvss epss 0.00

    An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version:…

  • CVE-2024-38642Sep 6, 2024
    risk 0.00cvss epss 0.00

    An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors. We have already fixed the vulnerability in the following…

  • CVE-2023-47219Jan 5, 2024
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later

  • CVE-2023-47559Jan 5, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later

  • CVE-2023-47560Jan 5, 2024
    risk 0.00cvss epss 0.01

    An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.2.1 and later

  • CVE-2023-41285Nov 10, 2023
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later

  • CVE-2023-41284Nov 10, 2023
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.4 and later

  • CVE-2023-39295Nov 10, 2023
    risk 0.00cvss epss 0.02

    An OS command injection vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following version: QuMagie 2.1.3 and later

  • CVE-2021-28805Jun 11, 2021
    risk 0.00cvss epss 0.00

    Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on…

  • CVE-2021-28801Jun 11, 2021
    risk 0.00cvss epss 0.01

    An out-of-bounds read vulnerability has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read sensitive information on the system. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.2 build 20210122 on…

  • CVE-2020-36198May 13, 2021
    risk 0.00cvss epss 0.01

    A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue…